As expected, UAC prompts the user for permission before granting elevated privileges but was ineffective in stopping common samples of malware from running, in a Windows 7-based system without virus protection.

Whereas two of the ten chosen malware samples for the test would not run in Windows 7 without UAC turned on at all, only one sample W32/Autorun-ATK was controlled by UAC. The other seven ran as though they were being blocked only by a stack of dominoes.

On October 22nd, we settled in at SophosLabs and loaded a full release copy of Windows 7 on a clean machine. We configured it to follow the system defaults for User Account Control (UAC) and did not load any anti-virus software.

We grabbed the next 10 unique samples that arrived in the SophosLabs feed to see how well the newer, more secure version of Windows and UAC held up. Unfortunately, despite Microsoft’s claims, Windows 7 disappointed just like earlier versions of Windows. The good news is that, of the freshest 10 samples that arrived, 2 would not operate correctly under Windows 7.

The findings are, of course, not surprising, since the main problem with Windows 7’s UAC lies in the over-expectation of the average end user.

Just like end users, enterprises already migrating to Windows 7 face the same security issues. Eric Voskuil, CTO, BeyondTrust — the company that issued a report earlier this year, claiming that 92% of critical Microsoft vulnerabilities are mitigated by Least Privilege accounts:

In response to feedback that users were forced to respond to too many prompts in Windows Vista, the new operating system introduces a new approach to User Account Control (UAC), providing a four-position “slider” feature to control how often UAC pop-ups occur. While these changes to Windows 7’s UAC benefit the home user market, enterprises must recognize that the new slider feature can only be applied to users logged in as administrators and may increase security risks.

Further, Windows 7 introduces no new features to solve the application compatibility issues experienced by standard users in previous versions of the operating system. “The most secure configuration option for enterprises that deploy Windows 7 remains running end-users as standard users, with administrator rights removed,” said Eric Voskuil, CTO, BeyondTrust.

Is it a step in the right direction, or does it have the potential to provide a lot of users with a false feeling of security?

Subscribe to Twitter updates, or RSS, join Facebook for more Tech updates.

The concept of Matrix was once rejected by analysts. But today we feel with the kind of Technology advancements, it’s not far from I-M-Possible.

I started from the “Hacker” word to bring-out another advancement of an underworld. Normally, the Hacker word is used for both good and bad guys. I`ll refer mostly to bad guys.

Let’s start from this -

Late last year, the software engineers developing a new Windows-based networking client confronted an all-too-common problem in today’s hostile internet environment:

How would they make their software resistant to the legions of enemies waiting to attack it? Particularly worrisome was a key feature of their code, a mechanism to accept updates online. If it were subverted, an attacker could slip his own program into an installed base of millions of machines.
The coders decided to fortify their software with MIT’s brand-new, high-security cryptographic hashing algorithm called MD-6. It was an ambitious choice: MD-6 had been released just two months before, and hadn’t yet faced the rigors of real-life deployment. But things turned into nightmare and  the move seemed to backfire when a security hole was found in MD-6′s reference implementation – not long after the launch. But the coders rallied, and pushed out a corrected version in a new release of their software just weeks later.
It would be a model for secure software development, except for one detail: The “Windows-based networking client” in the example above is the B-variant of the spam-spewing Conficker worm; the corrected version is Conficker C, and the hard-working security-minded coders and software engineers? A criminal gang of anonymous malware writers, likely based in Ukraine. The very first real-world use of MD-6, an important new security algorithm, was by the bad guys.

The Future of hacking: Professional, Intellectual, Innovative, smart, and above-all Highly-funded. In the old days, hackers were mostly kids and college-age enthusiasts sowing their wild seeds before fertilizing the land.

Today, the best hackers have the skill and discipline of the best legitimate programmers and security gurus. They’re using mind-bending obfuscation techniques to deliver malicious code from hacked websites undetected. They’re writing malware for mobile phones and PDAs and even embedded devices from your STB to satellite mobile/GPS systems. The underground has even embraced the next-generation internet protocol IPv6 – setting up IPv6 chat rooms, file stores and websites hidden IPv6 tunnels unkonw to the world, even as legitimate adoption lags. Compare the contrast to rest of the commercial Service Providers/Enterprises, who still find it Challenging to deploy IPv6 due to potential Security leaks.

Ten years ago, an oft-repeated aphorism held that hackers were unskilled vandals: Just because they can break a window, doesn’t mean they could build one. Today’s bad guys could handcraft the broken glass it a living Monumental legend.

Money as a Catalyst: Computer criminals are scooping in millions through various scams and attacks. It is said that he best hackers are growing up in Russia and former Soviet satellite states, where there are fewer legitimate opportunities for smart coders.

“If you’re a sophisticated team of software developers, but you happen to be in Eastern Europe, what’s your way of raising a lot of money?” says Phillip Porras, the cyber threat expert at SRI International who dissected Conficker. “Maybe we’re dealing with business models that work for countries where it’s more difficult for them to sell mainstream software.”

Result – Hacking-As-A-Service – HaaS.

The Good

Want your new piece of product to be scanned for potential vulnerabilities, before launching commercially?

Pay them a fraction of chunk-of-money and they will hack and tear-apart your app within days. The Result- You get a stable and secure App, which will probably be less vulnerable to loopholes.

You may not be aware of this, but our Top secret and most secure systems like CIA and Military operations, either hire and/or contract industry’s smartest hackers to murder their security before the bad guys do it. That’s what makes them more secure than rest of the world.

“We need those guys who could make us feel unsafe today, so that we can foresee a safer future.” says a high Official Commissioner.

Ofcourse, there are other things that make them better than others, but this point is crucial.

The Bad

Want your custom code installed in a botnet of hacked machines? No Problemo!

It’ll cost you less than $25 for a 1,000 computers, $150 if you want them exclusively, says Uri Rivner, head of new technologies at security company RSA.

Today, an amateur can get a complete malware toolkit for $200 that has capability of making damages worth Millions. Story doesn’t en here, just like SaaS – Software as a service, you can rent Big Botnets for less than a grand that could take a Complete network of computers down and/or infect them to leave it in paralysis for several days. The damage is un-countable.

Or you can pay for a custom Trojan horse that will sneak past anti-virus software, or a toolkit that will let you craft your own.

“They actually have a testing lab where they test their malicious code against the latest anti-virus companies,” says Rivner, whose group closely monitors the underground. “While most computer criminals are thugs, the programmers and software entrepreneurs supplying them are scary-smart”.

Particularly disturbing to security experts is the speed with which the bad guys are jumping on newly disclosed vulnerabilities.

“Even one year ago, a lot of these web exploit toolkits were using vulnerabilities that had been discovered one or two years prior,” says Holly Stewart, Threat Response Manager at IBM’s X-Force. “They were really, really old…. That has really changed, especially this year. We’re seeing more and more current exploits go into these toolkits. And we’re seeing exploits come out that are even just a couple days after the vulnerability announcement.”

Whats even worse is, hackers are finding or purchasing their own vulnerabilities, called “zero day” exploits, for which no security patch exists. With real money to be had, there’s evidence that legitimate security workers are being tempted themselves. In April, federal prosecutors filed a misdemeanor conspiracy charge against security consultant Jeremy Jethro for allegedly selling a “zero day” Internet Explorer exploit to accused TJ Maxx hacker Albert Gonzales. The price tag: $60,000. It could take a lot of consulting gigs to make that kind of money performing penetration tests.
The change is being felt at every level of the cyber security world. When SRI’s Porras dug into the Conficker worm — which still controls an estimated 5 million machines, mostly in China and Brazil — the update mechanism initially baffled him and his team. “I know a lot of people stared at that segment of code and couldn’t figure out what it was,” he says. It wasn’t until crypto experts analyzed it that they realized it was MD-6, which at the time was available only from the websites of MIT and the U.S. National Institute of Standards and Technologies. Other portions of Conficker were equally impressive: the way it doggedly hunts for anti-virus software on a victim’s machine, and disables it; or the peer-to-peer mechanism. “There were points where it was pretty clear that certain major threads inside Conficker C seemed to be written by different people,” he says. “It left us feeling that we had a more organized team that brought different skills to bear… They aren’t people who have day jobs.”

Looking back, the first 20 years in the war between hackers and security defenders was pretty laid back for both sides. The hackers were tricky, sometimes even ingenious, but rarely organized. A wealthy anti-virus industry rose on the simple counter-measure of checking computer files for signatures of known attacks.

Everyday more and more rootkits and shocking vulnerabilities, thanks to good guys at BlackHat conferences, who make us aware of the Industry’ most dangerous stuff.

Hackers and security researchers mixed amiably at DefCon (World’s biggest Hacker’s conference) every year, seamlessly switching sides without anyone really caring. From now on, it’s serious. In the future, there won’t be many amateurs. It’s all professional and Official.

While the term “botnet” can be used to refer to any group of bots, such as IRC bots, this word is generally used to refer to a collection of compromised computers (called Zombie computers) running software, usually installed via drive-by downloads exploiting Web browser vulnerabilities, worms, Trojan horses, or backdoors, under a common command-and-control infrastructure.

The bad news is that, Botnet attacks are increasing, as cybercrime gangs use compromised computers to send spam, steal personal data, perpetrate click fraud and clobber Web sites in denial-of-service attacks. Here’s a list of America’s 10 most wanted botnets, based on an estimate by security firm Damballa of botnet size and activity in the United States.

Though most of them can be removed by most Antivirus softwares but not all vendors support removal ofall. So I’ve mentioned links where you can find steps for easy removal/ prevention of the specified Botnets

BotNets are more serious problem than you can think of. The no. of infected PCs (and users don’t have an idea about it) are increasing day-by-day.

So let’s raise the awareness by discussing Top 10 among the 100s, Ranked by size and strength of damage in the Increasing Order.

No. 10: Conficker

Compromised Computers: 210,000

This downloader worm has spread significantly throughout the world, though not so much in the U.S., its also called Downadup.  It’s a complex downloader used to propagate other malware. Though it has been used to sell fake antivirus software, this crimeware currently seems to have no real purpose other than to spread. Industry watchers fear a more dangerous purpose will emerge.

How to Avoid/Fix

No. 9: Gammima

Also know as Gamina, Gamania, Frethog, Vaklik and Krap. This one focuses on stealing online game logins, passwords and account information. It uses rootkit techniques to load into the address space of other common processes, such as Windows Explorer.exe, and will spread through removable media such as USB keys. It’s also known to be the worm that got into the International Space Station in the summer of 2008.

How to Avoid/Fix

No. 8: Swizzor

Compromised U.S. computers: 370,000

A variant of the Lop malware, this Trojan dropper can download and launch files from the Internet on the victim’s machine without the user’s knowledge, installing an adware program and other Trojans.

How to Avoid/Fix

No. 1: Zeus

Compromised U.S. computers: 3.6 million

The Zeus Trojan uses key-logging techniques to steal sensitive data such as user names, passwords, account numbers and credit card numbers. It injects fake HTML forms into online banking login pages to steal user data.

How to Avoid/ Fix

BEST SOLUTION

Keep your antivirus software updated. I recommend changing antivirus/Ad-aware software to a different vendor evey month coz a single one may not catch all.